The present invention relates to secure computer system in general.
The need for a secure computer system is well known. The need for secure computer systems falls into several categories. The need for secure capabilities which enable a computer to work in a secure environment, such as an electronic mail, remote banking, Internet, secure communications, telefax, or smart card environment is well known and falls into a first category of need. In a second category of need, it is well known that expensive computer CPU chips are often subject to theft. Unfortunately, individual expensive CPU chips can not easily be identified, and hence the recovery of stolen CPU chips is difficult. There is therefore a need to protect expensive CPU chips.
Methods and apparatus useful in secure computing are described in the following patent applications, commonly owned with the present application, the disclosures of which are hereby incorporated herein by reference:
Israel patent applications 113375 and 115534; and
U.S. patent applications 08/154220 and 08/437,223.
Methods and apparatus useful in secure computing are described in the following publications:
D. E. Denning and M. Smid, xe2x80x9cKey escrowing todayxe2x80x9d, IEEE Communication Magazine, September 1994, pp. 58-68;
C. Gressel, R. Granot, and I. Dror, xe2x80x9cInternational Cryptographic Communications Without Key Escrowxe2x80x9d, International Cryptographic Institute ""95, Washington D.C., Sep. 22, 1995;
R. L. Rivest, A. Shamir, and L. Adleman, xe2x80x9cA method for obtaining digital signatures and public-key cryptosystemsxe2x80x9d, Communications of the ACM Vol. 21 #2, February 1978, pp. 120-126;
DES Modes of Operation, FIPS PUB 81, National Bureau of Standards, US Department of Commerce, Washington, D.C., 1981;
MC68HC05SC49, 8-bit microcomputer with EEPROM and N modulo M exponent coprocessor product preview, Motorola semiconductor technical data, Schaumburg Ill., 1993;
MC68HC05SC30, Enhanced 8-bit microcomputer with EEPROM and N modulo M exponent coprocessor product preview, Motorola semiconductor technical data, Schaumburg, Ill., 1993;
ST16xc3x97F74 CMOS crypto-computer family ST16xc3x97F74, SGS-Thomson Microelectronics, Agrate, Italy, October 1993;
ST16CF54 CMOS MCU based safeguarded smartcard IC with modular arithmetic processor, SGS-Thompson Microelectronics, Agrate, Italy, September 1994; and
Cryptoprocessor chip includes embedded cryptolibrary, SGS-Thompson Microelectronics, Agrate, Italy, press release K491M, October 1994.
The disclosure of the above publications and of the publications cited therein are hereby incorporated by reference. The disclosures of all publications mentioned in this specification and of the publications cited therein are hereby incorporated by reference.
The present invention seeks to provide an improved secure computer system. In the present invention, an authenticator computer is embedded in the same package with a host CPU. The embedded authenticator computer may provide secure capabilities such as those described above. The embedded authenticator computer may also provide identifying information including proof of identity. The identifying information may aid in preventing theft of the computer system and/or may aid in identification of a stolen computer system. Because the authenticator computer is embedded in the same package with the host CPU, removing the authenticator computer in order to circumvent the anti-theft capabilities thereof will generally be very difficult and/or too expensive to attempt.
There is thus provided in accordance with a preferred embodiment of the present invention a secure computer including a host CPU and an authenticator computer, wherein both the host CPU and the authenticator computer are embedded in a single package. The authenticator computer may have an identity and, and the authenticator computer may provide proof of the identity upon receiving an external signal from a verifying device. The proof of the identity may include origin information and/or an audit trail.
The secure computer may also include a smart card receiver, which may comprise a reader/writer card, including at least one smart card acceptor socket, each smart card acceptor socket being adapted to receive a smart card, wherein the authenticator verifies the smart card. The at least one smart card acceptor socket may include a plurality of smart card acceptor sockets.
The authenticator may control access to a controlled device. The authenticator provides data protection, including data encryption and/or data decryption. The data protection may include providing and/or verifying a digital signature.
The authenticator may protect data transmission between the secure computer and a remote device, optionally using approved protocols for transnational encryption, as well as approved protocols for authentication origin and contents of documents using an electronic signature.
There is also provided in accordance with another preferred embodiment of the present invention a method for securing a host computer, the method including providing a host CPU, providing an authenticator computer, and embedding both the host CPU and the authenticator computer in a single package.